
SoylentNews is people

posted by martyb on Thursday March 29 2018, @03:11PM
from the Windows-TCO dept.

A derivative of Microsoft Windows ransomware, WannaCry, has hit a Boeing production plant in Charleston, South Carolina. An internal memo from Mike VanderWel, chief engineer of Boeing Commercial Airplane production engineering, warned that the company's production systems and airline software were "at risk".

WannaCry was based on Microsoft Windows' CVE-2017-0144, which is used in the EternalBlue exploit kit. EternalBlue was initially utilized in apparent coordination with Microsoft's long delay in patching. Despite massive media spin, WannaCry was found to have hit all recent versions of Microsoft Windows.

From:
The Verge: Boeing production plant hit with WannaCry ransomware attack
The New York Times: Boeing Possibly Hit by ‘WannaCry’ Malware Attack
The Daily Express: Vital Boeing computer network INFECTED with WannaCry VIRUS - is it safe to fly?

Previously: UK Blames North Korea for WannaCry Attacks, Says NHS Didn't Follow Cybersecurity Guidelines
WannaCry Ransomware Attack Linked to North Korea by Symantec



Related Stories

WannaCry Ransomware Attack Linked to North Korea by Symantec 23 comments

Symantec and FireEye have linked the recent WannaCry ransomware attacks to North Korea:

Cybersecurity researchers at Symantec Corp. and FireEye Inc. have uncovered more evidence tying this month's WannaCry global ransomware attacks to North Korea.

The cyberattack that infected hundreds of thousands of computers worldwide was "highly likely" to have originated with Lazarus, a hacking group linked to the reclusive state, Symantec said. The software used was virtually identical to versions employed in attacks earlier this year attributed to the same agency, the company said in a report late Monday. FireEye on Tuesday agreed WannaCry shared unique code with malware previously linked to North Korea. "The shared code likely means that, at a minimum, WannaCry operators share software development resources with North Korean espionage operators," Ben Read, a FireEye analyst, said in an emailed statement.

[...] The initial attack was stifled when a security researcher disabled a key mechanism used by the worm to spread, but experts said the hackers were likely to mount a second attack because so many users of personal computers with Microsoft operating systems couldn't or didn't download a security patch released in March labeled "critical."

Also at NYT, Reuters, Ars Technica, and The Hill. Symantec blog (appears scriptwalled).

Here's a screenshot of Wana Decrypt0r 2.0. Note the Wikipedia licensing section.

Previously: Security In 2017: Ransomware Will Remain King
"Biggest Ransomware Attack in History" Hits Around 100 Countries, Disrupts UK's NHS
WannaCrypt Ransomware Variant -- Lacking Kill Switch -- Seen in Wild [Updated]
Decryption Utility for WannaCry is Released



UK Blames North Korea for WannaCry Attacks, Says NHS Didn't Follow Cybersecurity Guidelines 12 comments

UK blames North Korea for WannaCry attacks

The United Kingdom released its final report Friday on the WannaCry ransomware attacks that caused mass disruption in its hospital system, with a U.K. official saying the country believes the attacks originated in North Korea.

"This attack, we believe quite strongly that it came from a foreign state," Ben Wallace, a junior minister for security, told BBC 4 Radio, adding that the government was "as sure as possible" that nation was North Korea.

NHS 'could have prevented' WannaCry ransomware attack

The report said NHS trusts had not acted on critical alerts from NHS Digital and a warning from the Department of Health and the Cabinet Office in 2014 to patch or migrate away from vulnerable older software.

The Department of Health also lacked important information, the report said. "Before 12 May 2017, the department had no formal mechanism for assessing whether NHS organisations had complied with its advice and guidance."

Organisations could also have better managed their computers' firewalls - but in many cases they did not, it said.

NHS organisations have not reported any cases of harm to patients or of their data being stolen as a result of WannaCry.

Also at NPR.



  • (Score: 2) by Grishnakh on Thursday March 29 2018, @03:18PM (10 children)

    by Grishnakh (2831) on Thursday March 29 2018, @03:18PM (#659996)

    What kind of moron uses Microsoft Windows on critical computing systems? They're getting exactly what they deserve. I hope they go out of business and get acquired by Airbus for pennies on the dollar.

    • (Score: 2) by Gaaark on Thursday March 29 2018, @03:21PM

      by Gaaark (41) Subscriber Badge on Thursday March 29 2018, @03:21PM (#659997) Journal

      And might I just add "Hahahaha hahahaha hahaha.....etc"

      Window is a gaming platform at best. Critical systems? Idiots.

      --
      --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
    • (Score: 1, Informative) by Anonymous Coward on Thursday March 29 2018, @03:26PM (2 children)

      by Anonymous Coward on Thursday March 29 2018, @03:26PM (#660005)

      Your boss and his golfing buddies do.

      • (Score: 2) by Hartree on Thursday March 29 2018, @04:36PM (1 child)

        by Hartree (195) on Thursday March 29 2018, @04:36PM (#660033)

        Are you implying Grishnak has a job? ;)

        • (Score: 0) by Anonymous Coward on Thursday March 29 2018, @05:49PM

          by Anonymous Coward on Thursday March 29 2018, @05:49PM (#660098)

          Of course not. In spite of it, he still has a boss.

    • (Score: 0) by Anonymous Coward on Thursday March 29 2018, @04:43PM

      by Anonymous Coward on Thursday March 29 2018, @04:43PM (#660037)

      I agree. They want to fund slaveware and be like the straw boss on the digital plantation, then they wannacry when they are the slave too. Too bad the people sleeping in the barn don't seem to know about the digital underground railroad (FOSS).

    • (Score: 5, Funny) by bob_super on Thursday March 29 2018, @05:26PM (2 children)

      by bob_super (1357) on Thursday March 29 2018, @05:26PM (#660075)

      Of all the companies out there, Boeing should be the most aware that the highest risk is when you close the air gap.

      • (Score: 0) by Anonymous Coward on Thursday March 29 2018, @10:21PM (1 child)

        by Anonymous Coward on Thursday March 29 2018, @10:21PM (#660221)

        Really? I'd think an airplane sitting on the ground would be fairly safe.

    • (Score: 0) by Anonymous Coward on Thursday March 29 2018, @06:27PM

      by Anonymous Coward on Thursday March 29 2018, @06:27PM (#660120)

      What kind of moron uses Microsoft Windows on critical computing systems? They're getting exactly what they deserve.

      Quite right, they should have put it in the cloud. I put myself in the cloud and everything is serene and secure and perfect. Nothing can go wrong in the cloud.

    • (Score: 2) by turgid on Thursday March 29 2018, @08:58PM

      by turgid (4318) Subscriber Badge on Thursday March 29 2018, @08:58PM (#660192) Journal

      There are many large companies with crazy IT policies. For example, many I have seen where people are developing software for Linux but their workstation is Windows because "that's the corporate standard" so they have something like cygwin installed and various flaky commercial products to provide things like X and they still use FTP because...

  • (Score: 4, Insightful) by Anonymous Coward on Thursday March 29 2018, @03:28PM (8 children)

    by Anonymous Coward on Thursday March 29 2018, @03:28PM (#660006)

    ... I have no idea why people use Windows for anything.

    With billions of dollars of IP on the line, you'd think that these wealthy corporations would band together to develop an operating system that really appreciates security.

    Then again, these wealthy corporations suck on Uncle Sam's golden teat. What do they care? They'll still have an income—they'll probably get a tax break for the losses.

    • (Score: 3, Insightful) by Nerdfest on Thursday March 29 2018, @04:47PM (5 children)

      by Nerdfest (80) on Thursday March 29 2018, @04:47PM (#660042)

      I will say it again. FOSS does not buy lunches or golf vacations.

      • (Score: 3, Informative) by Anonymous Coward on Thursday March 29 2018, @04:51PM (3 children)

        by Anonymous Coward on Thursday March 29 2018, @04:51PM (#660048)

        I'll say it again, too: Engineers ain't getting those lunches or golf vacations, yet they are the ones responsible for getting actual work done.

        If it weren't for their sniveling, shy, autistic nature, maybe they'd learn to say "No" to these know-nothing, extroverted, cocaine-snorting "executives".

        • (Score: 5, Touché) by Anonymous Coward on Thursday March 29 2018, @05:20PM

          by Anonymous Coward on Thursday March 29 2018, @05:20PM (#660067)

          What's the maxim again? "Dog food isn't marketed to the dogs, it is marketed to their masters?"

        • (Score: 2) by Nerdfest on Thursday March 29 2018, @07:16PM

          by Nerdfest (80) on Thursday March 29 2018, @07:16PM (#660140)

          I know all too well how it works. The products used generally go against the wishes of developers, when talking about development products. I'd consider them pretty knowledgeable on the subject, yet here we are. Throw the word "enterprise" in print of it, add a couple of zeros and a support contract and break out the martinis. Not that I'm fucking bitter.

        • (Score: 2, Interesting) by anubi on Friday March 30 2018, @06:16AM

          by anubi (2828) on Friday March 30 2018, @06:16AM (#660290) Journal

          Been there... done that... didn't want the T-shirt... just plain disgusted.

          This is how it works...

          Engineer shows technical skills of seeing design flaws. If he's ethical, he is apt to be insubordinate if pressured to do it anyway. I mean what engineer in his right mind would design a bridge he knew was likely to fall down, just because someone else was ranking aesthetics above stress analysis?

          The manager shows leadership skills of handling insubordinate engineers. An engineer stands up to a manager, he's now on the layoff list. A troublemaker.

          Executives show organizational skills of fitting people's roles and corporate goals into an organizational structure.

          And, at the very top, are the people who pay each level what they believe each level is worth.

          Some really bad decisions get made when the people empowered to spend did not have to earn it themselves, instead chartered with the authority to demand funds from someone else. These people may have no use whatsoever for the good in the first place... the whole affair is nothing more than theater to transfer public wealth into private hands, legally, through tax law and disbursement channels.

          --
          "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
      • (Score: 2) by Grishnakh on Thursday March 29 2018, @05:57PM

        by Grishnakh (2831) on Thursday March 29 2018, @05:57PM (#660101)

        >I will say it again. FOSS does not buy lunches or golf vacations.

        I don't know about golf vacations, but Red Hat is a multi-billion dollar corporation whose largest customer is the US Government, and whose FOSS products are used extensively in that government.

        There is simply no excuse for using Windows for anything requiring security. Alternatives exist, and at least one of those has plenty of money for salespeople, marketing, etc., and even works with the NSA. (I don't think Boeing is too worried about being spied on by the USG, if you're thinking along those lines; they're a major defense contractor.)

    • (Score: 0) by Anonymous Coward on Thursday March 29 2018, @07:02PM (1 child)

      by Anonymous Coward on Thursday March 29 2018, @07:02PM (#660138)

      Can we leave these kind of comments to the other site?

      • (Score: 0) by Anonymous Coward on Thursday March 29 2018, @07:40PM

        by Anonymous Coward on Thursday March 29 2018, @07:40PM (#660160)

        What is it that bothers you so much?

  • (Score: 0) by Anonymous Coward on Thursday March 29 2018, @04:02PM (4 children)

    by Anonymous Coward on Thursday March 29 2018, @04:02PM (#660020)

    I'm surprised they didn't use any security paranoid system.

    • (Score: 4, Insightful) by DannyB on Thursday March 29 2018, @05:35PM (3 children)

      by DannyB (5839) Subscriber Badge on Thursday March 29 2018, @05:35PM (#660082) Journal

      Security is the enemy of convenience.

      --
      I get constant rejection even though the compiler is supposed to accept constants.
      • (Score: 0) by Anonymous Coward on Thursday March 29 2018, @06:12PM (2 children)

        by Anonymous Coward on Thursday March 29 2018, @06:12PM (#660108)

        Not when your internal systems burned down. Perhaps this is horseshoe theory in action?

        • (Score: 2) by Azuma Hazuki on Thursday March 29 2018, @07:21PM (1 child)

          by Azuma Hazuki (5086) Subscriber Badge on Thursday March 29 2018, @07:21PM (#660143) Journal

          No, this is what happens when jackoffs who think golf is a sport and cocaine is a food group think they know better than their engineers and developers. I say fuck 'em, serves 'em right, and as an earlier poster said, hope Airbus eats them alive.

          --
          I am "that girl" your mother warned you about...
          • (Score: 0) by Anonymous Coward on Friday March 30 2018, @09:07AM

            by Anonymous Coward on Friday March 30 2018, @09:07AM (#660317)
            You accuse Boing management of being golfing cocaine addicts dictating engineering disasters, and then suggest Airbus as an alternative? Bwahahahahaha. That's rich.
  • (Score: 2) by Justin Case on Thursday March 29 2018, @04:45PM (1 child)

    by Justin Case (4239) on Thursday March 29 2018, @04:45PM (#660039) Journal

    Every time life-critical systems are discussed some apologist will pipe up and say "they're not your typical Ctrl-Alt-Delete jockeys; they know human lives are on the line so they do super professional work".

    And why should we believe this? Ever? Anywhere?

  • (Score: 4, Insightful) by DeathMonkey on Thursday March 29 2018, @05:20PM (3 children)

    by DeathMonkey (1380) on Thursday March 29 2018, @05:20PM (#660068) Journal

    What made WannaCry so much more destructive, security experts discovered during last year’s outbreak, was that it employed an automated tool that was first developed at the National Security Agency and later dumped online in 2016 by mysterious hackers called the “Shadow Brokers.”

    I know I'm preaching to the choir here but maybe the National Security Agency should focus on making the nation more secure?

  • (Score: 2) by SomeGuy on Thursday March 29 2018, @05:46PM (2 children)

    by SomeGuy (5632) on Thursday March 29 2018, @05:46PM (#660095)

    EternalBlue was initially utilized in apparent coordination with Microsoft's long delay in patching. Despite massive media spin, Wannacry was found to have hit all recent versions of Microsoft Windows.

    So in other words, they were all running the absolute latest and greatest and were still vulnerable.

    Because up to date + using HTTPS = Perfect security!

    Duh.

    People bitch and whine about Windows XP or old browsers, but remember: Whatever up-to-date OS you are using has security vulnerabilities RIGHT NOW. And there is good chance the bad guys already know about them. Don't believe me, come back in a year and see how many vulnerabilities get documented. (Right, but you won't care because you have moved on to an even more "up-to-date" system that still has security vulnerabilities but you just don't know about them, and besides the new thing-a-majig has even brighter bluer LEDs!)

    It doesn't matter if you are running Windows Eleventeen or whatever, pretend that you are running Windows 95 and take extra security precautions.

    Some of the follow up news after the City of Atlanta ransomware mentioned city employees were switching their computer to use public Wifi hotspots for internet access because the internal networks were shut down. My face is still bruised from the epic face palm.

    • (Score: 1) by anubi on Friday March 30 2018, @06:21AM

      by anubi (2828) on Friday March 30 2018, @06:21AM (#660291) Journal

      I have a system still running WIN95. It works perfectly... Why change it?

      Still have the same garage door too.

      --
      "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
    • (Score: 0) by Anonymous Coward on Sunday April 01 2018, @05:52AM

      by Anonymous Coward on Sunday April 01 2018, @05:52AM (#661059)

      While this creed certainly does have some merit as in new systems will have bugs too it's still crazy to use an OS that is so old that the bugs are public knowledge. In that case not only the richest criminal syndicates and national states can attack you but literally anybody in the world and their dog.

      I agree about killing blue LEDs and defense in depth. Maybe don't read any news for awhile so your face gets to heal... :)

  • (Score: 0) by Anonymous Coward on Thursday March 29 2018, @07:29PM (2 children)

    by Anonymous Coward on Thursday March 29 2018, @07:29PM (#660150)

    A new variant of ransomware was renamed "WannaFly?" In related news, Betteridge's law of headlines replied with a definite "No!".

    • (Score: 2) by MostCynical on Thursday March 29 2018, @09:26PM (1 child)

      by MostCynical (2589) on Thursday March 29 2018, @09:26PM (#660208) Journal

      Multibillion dollar company doesn't airgap production systems.

      Likely because the software updates can't be distributed by CD or Portable hard drive (because the coders are too young to know how to do that, or like because "internet!")

      Do they even have prod/dev/test/train anymore, or is everything "prod-and-hope-last-backup-worked"?

      --
      "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
      • (Score: 1) by anubi on Friday March 30 2018, @06:24AM

        by anubi (2828) on Friday March 30 2018, @06:24AM (#660292) Journal

        There was a day when code was code... now it's a bunch of calls to blobs.

        And I do not trust the blobs.

        --
        "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]